A loosely connected network of hackers known as Scattered Spider has become a prominent threat actor behind cyber attacks targeting UK retailers. Yet they were recently at the forefront of guards’ disruptions of operations at Jaguar Land Rover (JLR). The hacker collective never shied away from officially taking credit for some of the most visible breaches. They went after popular brands such as M&S, Co-op, and Harrods during April and May.
Scattered Spider has been attributed to several high-profile cyber attacks. In fact, 2023 has been marked with substantial impacts on the UK’s retail sector caused by such devastating attacks. A few months back, the team rebranded as “Scattered Lapsus$ Hunters.” The name they took is a nod to their predecessors from other hacker collectives such as Shiny Hunters and Lapsus$. This new organization apparently branched off from a larger organization and group of activists called The Com.
Over the last few days, Scattered Spider has taken over social media. For example, they’ve released photos through their Telegram channel, including an internal presentation on the process of troubleshooting car charging issues and JLR internal computer logs. This degree of access raises serious questions about how far the attackers may have penetrated JLR’s internal systems.
The cyber attack has already led to extensive shutdowns at JLR’s Halewood factory located on Merseyside. It has had a major effect on production at a facility in Solihull. A spokesperson for JLR confirmed that they took “immediate action to mitigate its impact by proactively shutting down our systems.” The T-Mobile spokesperson stressed that there’s no indication that any customer data was compromised. They pointed out that the retail and the production activity arenas were severely disrupted.
“Based on the information provided by the attackers and open source intelligence, the attack has access to JLR’s internal systems and network.”
In relation to these cyber attacks, law enforcement has moved to act. The National Crime Agency (NCA) arrested four individuals in July, including a 20-year-old woman in Staffordshire and three males aged between 17 and 19 in London and the West Midlands. These alarming arrests shine a light on the fact that cyber criminals are an increasing threat in The Com. In July of this year, the NCA sent out a national warning on this growing threat.
“We are now working at pace to restart our global applications in a controlled manner,” – JLR spokesperson.
Scattered Spider’s newly launched Telegram channel is the fourth channel the group has opened, after previous channels have been taken down. Their continued online presence allows them to brag about their hacking exploits and share in-jokes among members, further solidifying their identity within the hacker community.
As the situation unfolds, JLR faces mounting pressure to restore normal operations while combating the reputational damage associated with such high-profile breaches. The hackers have even taunted JLR customers, posing the question:
As the chronic wave of cyber attacks continues, this is a worrying trend for all UK Retailers, and it’s Scattered Spider leading the charge. Cybersecurity protection methods are changing all the time. Consequently, the threat landscape continues to grow, requiring organizations and law enforcement to be on constant lookout for emerging threats.
“Where is my new car, Land Rover?”
The ongoing wave of cyber attacks underscores a concerning trend for UK retailers, with Scattered Spider at the forefront. As cybersecurity measures evolve, the threat landscape continues to grow, requiring businesses and law enforcement to remain vigilant against emerging risks.